I'm trying to write a program in Java that will digitally sign database entries prior to insertion. I would like for the program to be algorithm-independent - ideally, the user would specify the JCE provider and algorithm as arguments at runtime.
Is there a way to do this? I've been testing with the BouncyCastle provider, and the code runs fine when I dynamically register it:
Security.addProvider(new BouncyCastleProvider());
However, when I try to statically register the provider by adding the following lines to the end of my security/java.policy file, I get the error: java.security.NoSuchProviderException: no such provider: BC when I try to get an instance of a Security object using the provider.
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
Specifically, I added those lines to /etc/java-7-openjdk/security/java.policy (which is linked to $JAVA_HOME/jre/lib/security/java.policy). This is on Ubuntu 12.04. I also tried just adding the BouncyCastleProvider as the first entry and got the same error.
Am I configuring the static registration wrong or is what I am attempting impossible?
I think you are adding the static registration into the wrong file. Use
security.policyinstead ofjava.policywithin the same folder.See: https://www.bouncycastle.org/wiki/display/JA1/Provider+Installation